PT-2024-13350 · Mercusys · Mercusys Mw325R
K4M1Ll0
+1
·
Published
2024-05-29
·
Updated
2024-08-22
·
CVE-2023-46297
CVSS v3.1
5.1
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Mercusys MW325R EU V3 version 1.11.0 221019
Description
An issue allows a WAN attacker to make the admin interface unreachable via an unauthenticated HTTP request. The verification of user data does not occur, and the web server remains operational, but the admin interface becomes invisible due to the unavailability of necessary files. Typically, a reboot of the router is required to restore the correct behavior.
Recommendations
For Mercusys MW325R EU V3 version 1.11.0 221019, as a temporary workaround, consider restricting access to the admin interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mercusys Mw325R